Kia ora, 

The Ministry of Health closedown period is between 23 December 2025 to 7
January 2026. During this time this inbox will not be monitored. We will
respond to your email upon our return.

Have a safe and happy holiday period. 
OIA Services Team
Ministry of Health  | Manatū Hauora

****************************************************************************
Statement of confidentiality: This e-mail message and any accompanying
attachments may contain information that is IN-CONFIDENCE and subject to
legal privilege.
If you are not the intended recipient, do not read, use, disseminate,
distribute or copy this message or attachments.
If you have received this message in error, please notify the sender
immediately and delete this message.
****************************************************************************

hide quoted sections

Kia ora Tangata Whenua, 

 

 

Thank you for your request under the Official Information Act 1982 (the
Act), received by the Ministry of Health on 6 January 2026. You requested:

 

"(1) What are the names of the people who run the ManageMyHealth platform?

[I have contacted the ManageMyHealth website to seek clarity but the "WHO
WE ARE" section does not disclose who they are. 

(2) Who is the person that is liable for ManageMyHealth? Please provide
the Name and contact details for the person ultimately responsible for any
data breach involving unauthorised access. [The website provides contact
details but fails to provide a contact NAME: Level 1, 48 Market Place,
Viaduct Harbour.Auckland 1010 [email address]]

(3) Does the Ministry of Health or the Minister Responsible for the
Department of Health have any penalties, or a civil penalty rating for
cyber security breaches involving unauthorised access. If the answer is
no, then why not and when will the ministry be implementing a civil
penalty rating?"

 

The reference number for your request is H2026077306. As required under
the Act, the Ministry will endeavour to respond to your request no later
than 20 working days after the day your request was
received: [1]http://www.ombudsman.parliament.nz/.  

 

Please be advised that due dates for requests received on 27 November 2025
onwards will take into account the summer holiday period (25 December 2025
to 15 January 2026). Please refer to this guide for an explanation of
the [2]statutory obligations under the Official Information Act 1982.
 

If you have any queries related to this request, please do not hesitate to
get in touch ([3][email address]).

 

 

Ngā mihi,
 
OIA Services Team

Ministry of Health | Manatū Hauora
 

M[4]inistry of Health information releases

 

------------------- Original Message -------------------
From: Tangata Whenua <[FOI #33436 email]>; 
Received: Tue Jan 06 2026 09:55:27 GMT+1300 (New Zealand Daylight Time)
To: OIA Requests <[email address]>; OIA <[email address]>; 
Subject: Official Information request - Manage My Health Data Breach 31
December 2025

Dear Ministry of Health,

31 December 2025, the patient health information portal ManageMyHealth
disclosed a cyber security breach involving unauthorised access. I would
like to request the following information: 

(1) What are the names of the people who run the ManageMyHealth platform? 
[I have contacted the ManageMyHealth website to seek clarity but the "WHO
WE ARE" section does not disclose who they are.
[5]https://aus01.safelinks.protection.outlo...

(2) Who is the person that is liable for ManageMyHealth? Please provide
the Name and contact details for the person ultimately responsible for any
data breach involving unauthorised access. [The website provides contact
details but fails to provide a contact NAME: Level 1, 48 Market Place,
Viaduct Harbour.Auckland 1010 [email address]]

(3) Does the Ministry of Health or the Minister Responsible for the
Department of Health have any penalties, or a civil penalty rating for
cyber security breaches involving unauthorised access. If the answer is
no, then why not and when will the ministry be implementing a civil
penalty rating? 

Yours faithfully,

Tangata Whenua

-------------------------------------------------------------------

This is an Official Information request made via the FYI website.

Please use this email address for all replies to this request:
[FOI #33436 email]

Is [Ministry of Health request email] the wrong address for Official Information requests
to Ministry of Health? If so, please contact us using this form:
[6]https://aus01.safelinks.protection.outlo...

Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:
[7]https://aus01.safelinks.protection.outlo...

If you find this service useful as an Official Information officer, please
ask your web manager to link to us from your organisation's OIA or LGOIMA
page.

-------------------------------------------------------------------

 

****************************************************************************
Statement of confidentiality: This e-mail message and any accompanying
attachments may contain information that is IN-CONFIDENCE and subject to
legal privilege.
If you are not the intended recipient, do not read, use, disseminate,
distribute or copy this message or attachments.
If you have received this message in error, please notify the sender
immediately and delete this message.
****************************************************************************

References

Visible links
1. http://www.ombudsman.parliament.nz/
2. https://aus01.safelinks.protection.outlo...
https://www.ombudsman.parliament.nz/reso...
3. mailto:[email address]
4. https://www.health.govt.nz/about-ministr...
https://www.health.govt.nz/about-ministr...
5. https://managemyhealth.co.nz/about-us/
6. https://fyi.org.nz/change_request/new?bo...
7. https://fyi.org.nz/help/officers

hide quoted sections